rpms/libexif/devel cve-2007-6351.patch, NONE, 1.1 cve-2007-6352.patch, NONE, 1.1 libexif.spec, 1.34, 1.35

Matthias Clasen (mclasen) fedora-extras-commits at redhat.com
Sun Dec 16 04:04:27 UTC 2007


Author: mclasen

Update of /cvs/extras/rpms/libexif/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11416

Modified Files:
	libexif.spec 
Added Files:
	cve-2007-6351.patch cve-2007-6352.patch 
Log Message:
fix CVE-2007-6351 and CVE-2007-6352


cve-2007-6351.patch:

--- NEW FILE cve-2007-6351.patch ---
diff -up libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351 libexif-0.6.13/libexif/exif-loader.c
--- libexif-0.6.13/libexif/exif-loader.c.cve-2007-6351	2007-12-15 22:16:06.000000000 -0500
+++ libexif-0.6.13/libexif/exif-loader.c	2007-12-15 22:16:42.000000000 -0500
@@ -173,6 +173,9 @@ exif_loader_write (ExifLoader *eld, unsi
 		break;
 	}
 
+	if (!len)
+		return 1;
+
 	exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
 		  "Scanning %i byte(s) of data...", len);
 
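Review bot: The new `if (!len) return 1;` guard has no comment, so a reader cannot tell why an empty buffer is reported with 1 rather than 0, or why the check sits after the switch instead of at function entry. A comment such as `/* No bytes left to scan: stop here and let the caller supply more data. */` would record the intent, assuming 1 means "keep feeding data" in this function's contract, which the hunk does not show. exif_loader_write starts and ends outside the hunk, so it is worth confirming against the full file that nothing above the switch touches `buf` when `len` is 0.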

cve-2007-6352.patch:

--- NEW FILE cve-2007-6352.patch ---
diff -up libexif-0.6.13/libexif/exif-data.c.cve-2007-6352 libexif-0.6.13/libexif/exif-data.c
--- libexif-0.6.13/libexif/exif-data.c.cve-2007-6352	2007-12-15 22:06:15.000000000 -0500
+++ libexif-0.6.13/libexif/exif-data.c	2007-12-15 22:07:27.000000000 -0500
@@ -285,10 +285,9 @@ static void
 exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
 			       unsigned int ds, ExifLong offset, ExifLong size)
 {
-	if (ds < offset + size) {
+	if ((ds < offset + size) || (offset < 0) || (size < 0) || (offset + size < offset)) {
 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
-			  "Bogus thumbnail offset and size: %i < %i + %i.",
-			  (int) ds, (int) offset, (int) size);
+			  "Bogus thumbnail offset and size");
 		return;
 	}
 	if (data->data) 
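Review bot: The added `(offset < 0)` and `(size < 0)` tests can never be true, because ExifLong is an unsigned 32-bit type in libexif; only `(offset + size < offset)` catches the wrap-around. The bound is easier to audit if no addition can overflow at all: `if ((offset > ds) || (size > ds - offset)) {`. The rewritten log call also drops the three values, which made a rejected file easier to triage; they could be kept with unsigned conversions, e.g. `"Bogus thumbnail offset and size: %u < %u + %u.", ds, offset, size`. The function body continues past the end of the hunk.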


Index: libexif.spec
===================================================================
RCS file: /cvs/extras/rpms/libexif/devel/libexif.spec,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- libexif.spec	29 Aug 2007 04:57:53 -0000	1.34
+++ libexif.spec	16 Dec 2007 04:03:49 -0000	1.35
@@ -1,13 +1,15 @@
 Summary: Library for extracting extra information from image files
 Name: libexif
 Version: 0.6.15
-Release: 4%{?dist}
+Release: 5%{?dist}
 Group: System Environment/Libraries
 License: LGPLv2+
 URL: http://libexif.sourceforge.net/
 Source0: libexif-%{version}.tar.bz2 
 Source1: libexif-docs.tar.gz
 Patch0: libexif-cve-2007-4168.patch
+Patch1: cve-2007-6351.patch
+Patch2: cve-2007-6352.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
 BuildRequires: doxygen
 
@@ -29,6 +31,9 @@
 %prep
 %setup -q
 %patch0 -p1 -b .cve-2007-4168
+%patch1 -p1 -b .cve-2007-6351
+%patch2 -p1 -b .cve-2007-6352
+
 # to avoid multilib conflicts, we toss in pre-generated docs
 # and neuter make all in the docs dir
 tar xzf %{SOURCE1}
@@ -67,6 +72,10 @@
 %{_libdir}/pkgconfig/libexif.pc
 
 %changelog
+* Sat Dec 15 2007 Matthias Clasen <mclasen at redhat.com> - 0.6.15-5
+- Add patch for CVE-2007-6351. Fixes bug #425641
+- Add patch for CVE-2007-6352. Fixes bug #425641
+
 * Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 0.6.15-4
 - Rebuild for selinux ppc32 issue.
 



